Filtered by vendor Ibm
Subscriptions
Total
7292 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-47742 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-23 | 5.9 Medium |
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533. | ||||
CVE-2024-22355 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-23 | 5.9 Medium |
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781. | ||||
CVE-2023-27291 | 1 Ibm | 1 Watson Cp4d Data Stores | 2024-12-23 | 4.5 Medium |
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740. | ||||
CVE-2023-47745 | 1 Ibm | 1 Mq Operator | 2024-12-23 | 6.2 Medium |
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638. | ||||
CVE-2024-27255 | 1 Ibm | 1 Mq Operator | 2024-12-23 | 5.9 Medium |
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. | ||||
CVE-2023-43054 | 1 Ibm | 1 Engineering Test Management | 2024-12-23 | 6.4 Medium |
IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267459. | ||||
CVE-2024-51464 | 1 Ibm | 1 I | 2024-12-21 | 4.3 Medium |
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. | ||||
CVE-2024-51463 | 1 Ibm | 1 I | 2024-12-21 | 5.4 Medium |
IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
CVE-2024-51471 | 1 Ibm | 1 Mq Appliance | 2024-12-20 | 5.3 Medium |
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | ||||
CVE-2024-52897 | 1 Ibm | 1 Mq Appliance | 2024-12-20 | 6.2 Medium |
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | ||||
CVE-2024-49336 | 1 Ibm | 1 Security Guardium | 2024-12-20 | 6.5 Medium |
IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
CVE-2024-52896 | 1 Ibm | 1 Mq Appliance | 2024-12-20 | 6.2 Medium |
IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | ||||
CVE-2024-28767 | 1 Ibm | 1 Security Directory Integrator | 2024-12-20 | 6.8 Medium |
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | ||||
CVE-2024-51466 | 1 Ibm | 1 Cognos Analytics | 2024-12-20 | 9 Critical |
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. | ||||
CVE-2024-40695 | 1 Ibm | 1 Cognos Analytics | 2024-12-20 | 8 High |
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | ||||
CVE-2024-45663 | 1 Ibm | 1 Db2 | 2024-12-20 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
CVE-2013-3993 | 1 Ibm | 1 Infosphere Biginsights | 2024-12-19 | 6.5 Medium |
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | ||||
CVE-2021-20553 | 1 Ibm | 1 Sterling B2b Integrator | 2024-12-19 | 5.4 Medium |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2021-29827 | 1 Ibm | 1 Infosphere Information Server | 2024-12-19 | 5.2 Medium |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
CVE-2021-39081 | 1 Ibm | 1 Cognos Analytics Mobile | 2024-12-19 | 5.9 Medium |
IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |